Private Communities #5
Conversation
|
Very nice, @Nutomic ! I have two suggestions:
|
There was a problem hiding this comment.
Overall this would be a great thing for lemmy to have. My main suggestions:
- Make sure your new table has an
answerand adeny_reasonfield, just like theregistration_applicationtable. A random username applying to a private community needs to provide some context for why they want to join, otherwise the application process serves no point. - The
communitytable will also likely need anapplication_questioncolumn also. - I'd prefer that this new table be called
community_applicationor something like that. - You'll be doing the apub work so its ultimately up to you, but you could probably just using the existing
SubscribedType::pendingfor applications that haven't yet been approved.
0005-private-communities.md
Outdated
|
|
||
| There needs to be a new table to store follow requests: | ||
| ```sql | ||
| CREATE TABLE community_follow_request ( |
There was a problem hiding this comment.
Instead of adding this table, we should just add a accepted_application to the community_follower table, or just not add any columns at all, and rely on the SubscribedType::pending for unapproved apps to private communities.
And I'd recommend that the new table is called community_application (this one's my fav), private_community_application, community_registration_application or something like that, and look almost like our existing registration_application table, with these columns:
- Answer, person_id, moderator_id (optional until acted upon), deny_reason (optional string)
0005-private-communities.md
Outdated
|
|
||
| ## API | ||
|
|
||
| New follow requests for a private community need to be stored in `community_follow_request` table, and not in `community_follower`. This works very similar to the `registration_application` used for site registrations. Moderators can review and approve/reject applications with the following endpoints: |
There was a problem hiding this comment.
I'd say it is alright for accepted_application to be in community_follower , just like accepted_application is in local_user
0005-private-communities.md
Outdated
|
|
||
| As described in the API section, follow requests for private communities are stored in `community_follow_request` instead of `community_follower`. Once a request is approved, send an `Accept` activity back to the user. | ||
|
|
||
| The `Group` actor for private communities remains public and can be fetched without restrictions, so that remote users can fetch it and follow it. It needs a new attribute to indicate that the group is not public. [ActivityStreams](https://www.w3.org/TR/activitystreams-vocabulary/#dfn-group) doesn't seem to provide anything suitable, so we can simply add a custom attribute `private: true`. |
There was a problem hiding this comment.
I couldn't find anything usable either.
There was a problem hiding this comment.
The micro-blogging part of the Fediverse uses manuallyApprovesFollowers property (boolean). It is not defined in AS vocabulary, and usually defined as {"manuallyApprovesFollowers": "as:manuallyApprovesFollowers"}. However, it is supported by most projects (including Mastodon).
There was a problem hiding this comment.
That makes sense, Ive changed it. Only thing is that it doesnt give any indication that content in the group is private.
There was a problem hiding this comment.
Perhaps audience property can be used for that. as:Public would indicate a public or semi-private community.
Feels a bit awkward because audience is already used in FEP-1b12 objects.
|
|
||
| Frontends need to show an interface for moderators to approve new followers. This can likely reuse much of the code from registration applications, and use the endpoints described under "API". When `is_new_instance` is true on a given application, show a warning similar to the following before approving: | ||
|
|
||
| > Warning: This is the first follower from example.com. After approval, the admin of example.com is technically able to access all past and future content in this community. It is also possible that the instance at example.com makes community posts publicly available. If the community has sensitive content, make sure to only approve followers from trusted instances. |
There was a problem hiding this comment.
This is a good idea. Matrix has to deal with the same problem: as soon as 1 malicious instance gets access to the private room, they get all messages. Good to have warnings about that limitation.
This would partly overlap with the existing setting
This could easily be handled by a bot or script. Id rather not add this much extra complexity, especially not in the initial implementation. |
This is true, so we dont even need a new db table.
The neat thing about joining private communities with a simple follow is that it should easily work with other Activitypub platforms. But including a reason field with Anyway in most cases the user will have a profile and post history which should be enough to make a decision. If its a new user with no info, that alone should be enough reason to reject. However I can imagine when an application gets rejected the moderator can optionally enter a reason, and this gets shown to the user (federated as Reject). But that would require a new table again... |
|
Couldn't the
I can think of a lot of examples here where a private community would want a reason for the follow. They might want screening questions, verification of identity, a "password" shared from another private platform to verify. The only reason twitter / Masto doesn't have these cause they don't have private communities. FB has optional membership questions for their groups. |
The use case is basically: a user wants to create a community which should be able to organically attract new members and grow (so the content should be visible to all Lemmy users to invite participation), BUT, the community creator wants to vet new members before they are able to post/comment/like stuff. A few examples of where I think this would be useful:
|
|
@sunaurus Ive added that to the "Further work" section to not overcomplicate the initial implementation. @dessalines Having a follow reason is just too much work considering that it isnt necessary for making private communities work. Lets keep it simple and we can consider adding more features once the initial implementation is working. |
|
Alright, as long as it can be extensibly added later. |
|
Another use case is in meta communities, in reddit /r/anarchism we had metanarchism which was meant to allow community org by known members, but we had to take it completely private because reddit wouldn't allow visibility without also votes and comments from anyone which we didn't want. A way to have a transparent decision-making community with only stakeholders allowed to vote and comment would be quite useful. I could hook up to bot into it for a some interesting automation |
No description provided.